You are here

Home » API reference » Webform 6.x » webform_group.module

function webform_group_webform_submission_access in Webform 6.x

Same name and namespace in other branches
  1. 8.5 modules/webform_group/webform_group.module \webform_group_webform_submission_access()

Implements hook_ENTITY_TYPE_access() for webform_submission entities.

File

modules/webform_group/webform_group.module, line 334
Provides a Webform integration with the Group module.

Code

function webform_group_webform_submission_access(WebformSubmissionInterface $webform_submission, $operation, AccountInterface $account) {
  if (!in_array($operation, [
    'view',
    'update',
    'delete',
  ])) {
    return AccessResult::neutral();
  }

  /** @var \Drupal\webform_group\WebformGroupManagerInterface $webform_group_manager */
  $webform_group_manager = \Drupal::service('webform_group.manager');

  // During testing we need to only look at the current users group roles.
  // @todo Rework webform_group_webform_submission_query_access_alter().
  // @see \Drupal\Tests\webform_group\Functional\WebformGroupSubmissionAccessTest
  if (drupal_valid_test_ua()) {

    // Get the current user's group roles for the current group content.
    $user_group_roles = $webform_group_manager
      ->getCurrentUserGroupRoles();
  }
  else {

    // Get the user's group roles for the current group content.
    $user_group_roles = $webform_group_manager
      ->getWebformSubmissionUserGroupRoles($webform_submission, $account);
  }

  // Get webform access rules.
  $webform = $webform_submission
    ->getWebform();
  $access_rules = $webform_group_manager
    ->getAccessRules($webform);

  // Compare the current user group roles with the admin and permission
  // access rules' group roles.
  if (array_intersect($access_rules['administer']['group_roles'], $user_group_roles) || array_intersect($access_rules[$operation . '_any']['group_roles'], $user_group_roles) || array_intersect($access_rules[$operation . '_own']['group_roles'], $user_group_roles) && (int) $webform_submission
    ->getOwnerId() === (int) $account
    ->id()) {
    return AccessResult::allowed()
      ->cachePerUser()
      ->addCacheableDependency($webform)
      ->addCacheableDependency($webform_submission);
  }

  // No opinion.
  return AccessResult::neutral();
}